Magellan Linux

Contents of /trunk/kernel-alx-legacy/patches-4.9/0415-4.9.316-all-fixes.patch



Revision 3717 - (show annotations) (download)
Mon Oct 24 14:08:29 2022 UTC (18 months, 1 week ago) by niro
File size: 22199 byte(s)
-linux-4.9.316
1 diff --git a/Makefile b/Makefile
2 index b849f2683ae68..24a0bb5416ff5 100644
3 --- a/Makefile
4 +++ b/Makefile
5 @@ -1,6 +1,6 @@
6 VERSION = 4
7 PATCHLEVEL = 9
8 -SUBLEVEL = 315
9 +SUBLEVEL = 316
10 EXTRAVERSION =
11 NAME = Roaring Lionus
12
13 diff --git a/arch/arm/kernel/entry-armv.S b/arch/arm/kernel/entry-armv.S
14 index 77ec669fd5ee1..247229e69322d 100644
15 --- a/arch/arm/kernel/entry-armv.S
16 +++ b/arch/arm/kernel/entry-armv.S
17 @@ -1074,7 +1074,7 @@ vector_bhb_loop8_\name:
18
19 @ bhb workaround
20 mov r0, #8
21 -3: b . + 4
22 +3: W(b) . + 4
23 subs r0, r0, #1
24 bne 3b
25 dsb
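Review bot: The `W(b)` on the loop's branch has no comment saying why the wide encoding is forced. `b . + 4` is meant to land on the `subs` that follows, which only holds when the branch itself occupies four bytes; in a Thumb-2 build the assembler may otherwise pick a two-byte encoding (inferred, the build configuration is not visible here). A short comment next to it would keep the constraint from being "cleaned up" later, for example `@ W(): keep the branch 4 bytes wide so that . + 4 is the next instruction`.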
26 diff --git a/arch/arm/kernel/stacktrace.c b/arch/arm/kernel/stacktrace.c
27 index c10c1de244eba..83d0aa217bb25 100644
28 --- a/arch/arm/kernel/stacktrace.c
29 +++ b/arch/arm/kernel/stacktrace.c
30 @@ -50,17 +50,17 @@ int notrace unwind_frame(struct stackframe *frame)
31 return -EINVAL;
32
33 frame->sp = frame->fp;
34 - frame->fp = *(unsigned long *)(fp);
35 - frame->pc = *(unsigned long *)(fp + 4);
36 + frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp));
37 + frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp + 4));
38 #else
39 /* check current frame pointer is within bounds */
40 if (fp < low + 12 || fp > high - 4)
41 return -EINVAL;
42
43 /* restore the registers from the stack frame */
44 - frame->fp = *(unsigned long *)(fp - 12);
45 - frame->sp = *(unsigned long *)(fp - 8);
46 - frame->pc = *(unsigned long *)(fp - 4);
47 + frame->fp = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 12));
48 + frame->sp = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 8));
49 + frame->pc = READ_ONCE_NOCHECK(*(unsigned long *)(fp - 4));
50 #endif
51
52 return 0;
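Review bot: The five loads converted to `READ_ONCE_NOCHECK()` carry no comment saying why sanitizer instrumentation is skipped for them. Presumably the unwinder reads stack slots that belong to other frames and would otherwise be reported by KASAN; if so, one comment above the first load would do, such as `/* unwinder reads other frames' stack slots: skip KASAN checks */`. With instrumentation off, the explicit range test (`fp < low + 12 || fp > high - 4` in the visible branch) is the only thing bounding these reads, so it is worth stating that it must stay in front of them. unwind_frame() starts outside the hunk.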
53 diff --git a/arch/arm/mm/proc-v7-bugs.c b/arch/arm/mm/proc-v7-bugs.c
54 index 1b6e770bc1cd3..8b78694d56b88 100644
55 --- a/arch/arm/mm/proc-v7-bugs.c
56 +++ b/arch/arm/mm/proc-v7-bugs.c
57 @@ -297,6 +297,7 @@ void cpu_v7_ca15_ibe(void)
58 {
59 if (check_spectre_auxcr(this_cpu_ptr(&spectre_warned), BIT(0)))
60 cpu_v7_spectre_v2_init();
61 + cpu_v7_spectre_bhb_init();
62 }
63
64 void cpu_v7_bugs_init(void)
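Review bot: The added `cpu_v7_spectre_bhb_init();` follows an unbraced `if`, so it runs whether or not `check_spectre_auxcr()` succeeds, and the page has lost the indentation that would show the intent. If the unconditional call is deliberate, a blank line before it or a comment such as `/* BHB setup does not depend on the IBE check above */` would prevent a later reader from "fixing" it with braces. If it was meant to be conditional, the `if` body needs braces around both calls.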
65 diff --git a/arch/mips/lantiq/falcon/sysctrl.c b/arch/mips/lantiq/falcon/sysctrl.c
66 index 82bbd0e2e298f..714d926594897 100644
67 --- a/arch/mips/lantiq/falcon/sysctrl.c
68 +++ b/arch/mips/lantiq/falcon/sysctrl.c
69 @@ -169,6 +169,8 @@ static inline void clkdev_add_sys(const char *dev, unsigned int module,
70 {
71 struct clk *clk = kzalloc(sizeof(struct clk), GFP_KERNEL);
72
73 + if (!clk)
74 + return;
75 clk->cl.dev_id = dev;
76 clk->cl.con_id = NULL;
77 clk->cl.clk = clk;
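Review bot: The new `if (!clk) return;` in clkdev_add_sys() drops the clock without a trace: the function returns void, so the caller cannot tell that registration was skipped, and the first symptom would be a failed clock lookup much later. The same pattern is added in clkdev_add_gptu(), clkdev_add_pmu() and clkdev_add_cgu(), and in clkdev_add_pci(), where either of the two clocks can now be skipped independently of the other. A one-line comment stating that the failure is deliberately ignored would help, for example `/* allocation failed: leave this clock unregistered */`. While touching these lines, `kzalloc(sizeof(*clk), GFP_KERNEL)` ties the size to the variable instead of the type name.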
78 diff --git a/arch/mips/lantiq/xway/gptu.c b/arch/mips/lantiq/xway/gptu.c
79 index 0f1bbea1a8166..955d0d5cfbdb0 100644
80 --- a/arch/mips/lantiq/xway/gptu.c
81 +++ b/arch/mips/lantiq/xway/gptu.c
82 @@ -124,6 +124,8 @@ static inline void clkdev_add_gptu(struct device *dev, const char *con,
83 {
84 struct clk *clk = kzalloc(sizeof(struct clk), GFP_KERNEL);
85
86 + if (!clk)
87 + return;
88 clk->cl.dev_id = dev_name(dev);
89 clk->cl.con_id = con;
90 clk->cl.clk = clk;
91 diff --git a/arch/mips/lantiq/xway/sysctrl.c b/arch/mips/lantiq/xway/sysctrl.c
92 index 95bec460b651f..dd7c36a193e30 100644
93 --- a/arch/mips/lantiq/xway/sysctrl.c
94 +++ b/arch/mips/lantiq/xway/sysctrl.c
95 @@ -331,6 +331,8 @@ static void clkdev_add_pmu(const char *dev, const char *con, bool deactivate,
96 {
97 struct clk *clk = kzalloc(sizeof(struct clk), GFP_KERNEL);
98
99 + if (!clk)
100 + return;
101 clk->cl.dev_id = dev;
102 clk->cl.con_id = con;
103 clk->cl.clk = clk;
104 @@ -354,6 +356,8 @@ static void clkdev_add_cgu(const char *dev, const char *con,
105 {
106 struct clk *clk = kzalloc(sizeof(struct clk), GFP_KERNEL);
107
108 + if (!clk)
109 + return;
110 clk->cl.dev_id = dev;
111 clk->cl.con_id = con;
112 clk->cl.clk = clk;
113 @@ -372,24 +376,28 @@ static void clkdev_add_pci(void)
114 struct clk *clk_ext = kzalloc(sizeof(struct clk), GFP_KERNEL);
115
116 /* main pci clock */
117 - clk->cl.dev_id = "17000000.pci";
118 - clk->cl.con_id = NULL;
119 - clk->cl.clk = clk;
120 - clk->rate = CLOCK_33M;
121 - clk->rates = valid_pci_rates;
122 - clk->enable = pci_enable;
123 - clk->disable = pmu_disable;
124 - clk->module = 0;
125 - clk->bits = PMU_PCI;
126 - clkdev_add(&clk->cl);
127 + if (clk) {
128 + clk->cl.dev_id = "17000000.pci";
129 + clk->cl.con_id = NULL;
130 + clk->cl.clk = clk;
131 + clk->rate = CLOCK_33M;
132 + clk->rates = valid_pci_rates;
133 + clk->enable = pci_enable;
134 + clk->disable = pmu_disable;
135 + clk->module = 0;
136 + clk->bits = PMU_PCI;
137 + clkdev_add(&clk->cl);
138 + }
139
140 /* use internal/external bus clock */
141 - clk_ext->cl.dev_id = "17000000.pci";
142 - clk_ext->cl.con_id = "external";
143 - clk_ext->cl.clk = clk_ext;
144 - clk_ext->enable = pci_ext_enable;
145 - clk_ext->disable = pci_ext_disable;
146 - clkdev_add(&clk_ext->cl);
147 + if (clk_ext) {
148 + clk_ext->cl.dev_id = "17000000.pci";
149 + clk_ext->cl.con_id = "external";
150 + clk_ext->cl.clk = clk_ext;
151 + clk_ext->enable = pci_ext_enable;
152 + clk_ext->disable = pci_ext_disable;
153 + clkdev_add(&clk_ext->cl);
154 + }
155 }
156
157 /* xway socs can generate clocks on gpio pins */
158 @@ -409,9 +417,15 @@ static void clkdev_add_clkout(void)
159 char *name;
160
161 name = kzalloc(sizeof("clkout0"), GFP_KERNEL);
162 + if (!name)
163 + continue;
164 sprintf(name, "clkout%d", i);
165
166 clk = kzalloc(sizeof(struct clk), GFP_KERNEL);
167 + if (!clk) {
168 + kfree(name);
169 + continue;
170 + }
171 clk->cl.dev_id = "1f103000.cgu";
172 clk->cl.con_id = name;
173 clk->cl.clk = clk;
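Review bot: `name` is allocated with `sizeof("clkout0")`, which leaves room for exactly one digit, and is then filled with an unbounded `sprintf(name, "clkout%d", i)`. The loop bounds are outside the hunk, so this is only safe as long as `i` stays below 10, and nothing on these lines enforces that. `name = kasprintf(GFP_KERNEL, "clkout%d", i);` sizes the buffer from the formatted string and works with the added `if (!name) continue;` unchanged.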
174 diff --git a/arch/x86/um/shared/sysdep/syscalls_64.h b/arch/x86/um/shared/sysdep/syscalls_64.h
175 index 8a7d5e1da98e5..1e6875b4ffd83 100644
176 --- a/arch/x86/um/shared/sysdep/syscalls_64.h
177 +++ b/arch/x86/um/shared/sysdep/syscalls_64.h
178 @@ -10,13 +10,12 @@
179 #include <linux/msg.h>
180 #include <linux/shm.h>
181
182 -typedef long syscall_handler_t(void);
183 +typedef long syscall_handler_t(long, long, long, long, long, long);
184
185 extern syscall_handler_t *sys_call_table[];
186
187 #define EXECUTE_SYSCALL(syscall, regs) \
188 - (((long (*)(long, long, long, long, long, long)) \
189 - (*sys_call_table[syscall]))(UPT_SYSCALL_ARG1(&regs->regs), \
190 + (((*sys_call_table[syscall]))(UPT_SYSCALL_ARG1(&regs->regs), \
191 UPT_SYSCALL_ARG2(&regs->regs), \
192 UPT_SYSCALL_ARG3(&regs->regs), \
193 UPT_SYSCALL_ARG4(&regs->regs), \
194 diff --git a/drivers/block/drbd/drbd_main.c b/drivers/block/drbd/drbd_main.c
195 index daa9cef96ec66..f4537a5eef024 100644
196 --- a/drivers/block/drbd/drbd_main.c
197 +++ b/drivers/block/drbd/drbd_main.c
198 @@ -193,7 +193,7 @@ void tl_release(struct drbd_connection *connection, unsigned int barrier_nr,
199 unsigned int set_size)
200 {
201 struct drbd_request *r;
202 - struct drbd_request *req = NULL;
203 + struct drbd_request *req = NULL, *tmp = NULL;
204 int expect_epoch = 0;
205 int expect_size = 0;
206
207 @@ -247,8 +247,11 @@ void tl_release(struct drbd_connection *connection, unsigned int barrier_nr,
208 * to catch requests being barrier-acked "unexpectedly".
209 * It usually should find the same req again, or some READ preceding it. */
210 list_for_each_entry(req, &connection->transfer_log, tl_requests)
211 - if (req->epoch == expect_epoch)
212 + if (req->epoch == expect_epoch) {
213 + tmp = req;
214 break;
215 + }
216 + req = list_prepare_entry(tmp, &connection->transfer_log, tl_requests);
217 list_for_each_entry_safe_from(req, r, &connection->transfer_log, tl_requests) {
218 if (req->epoch != expect_epoch)
219 break;
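Review bot: Nothing here explains why `tmp` is needed, and the fix is easy to undo by accident. When `list_for_each_entry()` finishes without a match, `req` is left as a cursor computed from the list head rather than a real request, so it must not be reused as a starting point; `list_prepare_entry(tmp, ...)` makes the restart point explicit in both cases. A comment above that line would record this, for example `/* req is not a valid entry if no epoch matched; restart from tmp, or from the list head when tmp is NULL */`. tl_release() begins and continues outside the hunk.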
220 diff --git a/drivers/block/floppy.c b/drivers/block/floppy.c
221 index cfe1bfb3c20e9..216ee1057b12e 100644
222 --- a/drivers/block/floppy.c
223 +++ b/drivers/block/floppy.c
224 @@ -516,8 +516,8 @@ static unsigned long fdc_busy;
225 static DECLARE_WAIT_QUEUE_HEAD(fdc_wait);
226 static DECLARE_WAIT_QUEUE_HEAD(command_done);
227
228 -/* Errors during formatting are counted here. */
229 -static int format_errors;
230 +/* errors encountered on the current (or last) request */
231 +static int floppy_errors;
232
233 /* Format request descriptor. */
234 static struct format_descr format_req;
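Review bot: The new comment on `floppy_errors` says what is counted but not why the counter is a file-scope variable instead of a pointer. The removed `errors = &(current_req->errors);` in a later hunk suggests the old pointer could refer into a request that had already been completed; if that is the reason, the comment should say so, for example `/* kept outside struct request so it stays valid after the request completes */`. The counter is reset in do_format() and set_next_request(); whether any other path starts work without passing through one of them is not visible in these hunks.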
235 @@ -537,7 +537,6 @@ static struct format_descr format_req;
236 static char *floppy_track_buffer;
237 static int max_buffer_sectors;
238
239 -static int *errors;
240 typedef void (*done_f)(int);
241 static const struct cont_t {
242 void (*interrupt)(void);
243 @@ -1426,7 +1425,7 @@ static int interpret_errors(void)
244 if (DP->flags & FTD_MSG)
245 DPRINT("Over/Underrun - retrying\n");
246 bad = 0;
247 - } else if (*errors >= DP->max_errors.reporting) {
248 + } else if (floppy_errors >= DP->max_errors.reporting) {
249 print_errors();
250 }
251 if (ST2 & ST2_WC || ST2 & ST2_BC)
252 @@ -2049,7 +2048,7 @@ static void bad_flp_intr(void)
253 if (!next_valid_format())
254 return;
255 }
256 - err_count = ++(*errors);
257 + err_count = ++floppy_errors;
258 INFBOUND(DRWE->badness, err_count);
259 if (err_count > DP->max_errors.abort)
260 cont->done(0);
261 @@ -2194,9 +2193,8 @@ static int do_format(int drive, struct format_descr *tmp_format_req)
262 return -EINVAL;
263 }
264 format_req = *tmp_format_req;
265 - format_errors = 0;
266 cont = &format_cont;
267 - errors = &format_errors;
268 + floppy_errors = 0;
269 ret = wait_til_done(redo_format, true);
270 if (ret == -EINTR)
271 return -EINTR;
272 @@ -2679,7 +2677,7 @@ static int make_raw_rw_request(void)
273 */
274 if (!direct ||
275 (indirect * 2 > direct * 3 &&
276 - *errors < DP->max_errors.read_track &&
277 + floppy_errors < DP->max_errors.read_track &&
278 ((!probing ||
279 (DP->read_track & (1 << DRS->probed_format)))))) {
280 max_size = blk_rq_sectors(current_req);
281 @@ -2812,8 +2810,10 @@ static int set_next_request(void)
282 fdc_queue = 0;
283 if (q) {
284 current_req = blk_fetch_request(q);
285 - if (current_req)
286 + if (current_req) {
287 + floppy_errors = 0;
288 break;
289 + }
290 }
291 } while (fdc_queue != old_pos);
292
293 @@ -2873,7 +2873,6 @@ do_request:
294 _floppy = floppy_type + DP->autodetect[DRS->probed_format];
295 } else
296 probing = 0;
297 - errors = &(current_req->errors);
298 tmp = make_raw_rw_request();
299 if (tmp < 2) {
300 request_done(tmp);
301 diff --git a/drivers/gpu/drm/drm_dp_mst_topology.c b/drivers/gpu/drm/drm_dp_mst_topology.c
302 index bb70c5272fe8e..efd3ac2acea5a 100644
303 --- a/drivers/gpu/drm/drm_dp_mst_topology.c
304 +++ b/drivers/gpu/drm/drm_dp_mst_topology.c
305 @@ -2830,6 +2830,7 @@ static void fetch_monitor_name(struct drm_dp_mst_topology_mgr *mgr,
306
307 mst_edid = drm_dp_mst_get_edid(port->connector, mgr, port);
308 drm_edid_get_monitor_name(mst_edid, name, namelen);
309 + kfree(mst_edid);
310 }
311
312 /**
313 diff --git a/drivers/input/input.c b/drivers/input/input.c
314 index 5d94fc3fce0bb..378717d1b3b47 100644
315 --- a/drivers/input/input.c
316 +++ b/drivers/input/input.c
317 @@ -50,6 +50,17 @@ static DEFINE_MUTEX(input_mutex);
318
319 static const struct input_value input_value_sync = { EV_SYN, SYN_REPORT, 1 };
320
321 +static const unsigned int input_max_code[EV_CNT] = {
322 + [EV_KEY] = KEY_MAX,
323 + [EV_REL] = REL_MAX,
324 + [EV_ABS] = ABS_MAX,
325 + [EV_MSC] = MSC_MAX,
326 + [EV_SW] = SW_MAX,
327 + [EV_LED] = LED_MAX,
328 + [EV_SND] = SND_MAX,
329 + [EV_FF] = FF_MAX,
330 +};
331 +
332 static inline int is_event_supported(unsigned int code,
333 unsigned long *bm, unsigned int max)
334 {
335 @@ -1913,6 +1924,14 @@ EXPORT_SYMBOL(input_free_device);
336 */
337 void input_set_capability(struct input_dev *dev, unsigned int type, unsigned int code)
338 {
339 + if (type < EV_CNT && input_max_code[type] &&
340 + code > input_max_code[type]) {
341 + pr_err("%s: invalid code %u for type %u\n", __func__, code,
342 + type);
343 + dump_stack();
344 + return;
345 + }
346 +
347 switch (type) {
348 case EV_KEY:
349 __set_bit(code, dev->keybit);
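Review bot: The new range check is skipped whenever `input_max_code[type]` is zero, which covers every event type the table does not list, and whenever `type >= EV_CNT`; such calls reach the `switch` unchecked. Whether the `switch` rejects them is outside the hunk, so this may be fine, but the table should document the convention, for example `/* 0: no code limit is enforced for this event type */`. `dump_stack()` on every rejected call can flood the log if a driver hits this in a loop; a once-only warning would give the same backtrace.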
350 diff --git a/drivers/mmc/card/block.c b/drivers/mmc/card/block.c
351 index 709a872ed484a..7b8c72a07900a 100644
352 --- a/drivers/mmc/card/block.c
353 +++ b/drivers/mmc/card/block.c
354 @@ -1192,7 +1192,7 @@ retry:
355 arg == MMC_TRIM_ARG ?
356 INAND_CMD38_ARG_TRIM :
357 INAND_CMD38_ARG_ERASE,
358 - 0);
359 + card->ext_csd.generic_cmd6_time);
360 if (err)
361 goto out;
362 }
363 @@ -1235,7 +1235,7 @@ retry:
364 arg == MMC_SECURE_TRIM1_ARG ?
365 INAND_CMD38_ARG_SECTRIM1 :
366 INAND_CMD38_ARG_SECERASE,
367 - 0);
368 + card->ext_csd.generic_cmd6_time);
369 if (err)
370 goto out_retry;
371 }
372 @@ -1251,7 +1251,7 @@ retry:
373 err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
374 INAND_CMD38_ARG_EXT_CSD,
375 INAND_CMD38_ARG_SECTRIM2,
376 - 0);
377 + card->ext_csd.generic_cmd6_time);
378 if (err)
379 goto out_retry;
380 }
381 diff --git a/drivers/mmc/core/core.c b/drivers/mmc/core/core.c
382 index f0fa6a799f7ce..dfe55e9d729f8 100644
383 --- a/drivers/mmc/core/core.c
384 +++ b/drivers/mmc/core/core.c
385 @@ -61,6 +61,8 @@
386 /* The max erase timeout, used when host->max_busy_timeout isn't specified */
387 #define MMC_ERASE_TIMEOUT_MS (60 * 1000) /* 60 s */
388
389 +#define MMC_CACHE_FLUSH_TIMEOUT_MS (30 * 1000) /* 30s */
390 +
391 static const unsigned freqs[] = { 400000, 300000, 200000, 100000 };
392
393 /*
394 @@ -2936,7 +2938,8 @@ int mmc_flush_cache(struct mmc_card *card)
395 (card->ext_csd.cache_size > 0) &&
396 (card->ext_csd.cache_ctrl & 1)) {
397 err = mmc_switch(card, EXT_CSD_CMD_SET_NORMAL,
398 - EXT_CSD_FLUSH_CACHE, 1, 0);
399 + EXT_CSD_FLUSH_CACHE, 1,
400 + MMC_CACHE_FLUSH_TIMEOUT_MS);
401 if (err)
402 pr_err("%s: cache flush error %d\n",
403 mmc_hostname(card->host), err);
404 diff --git a/drivers/mmc/core/mmc_ops.c b/drivers/mmc/core/mmc_ops.c
405 index ad6e9798e9491..3d8907fc2a520 100644
406 --- a/drivers/mmc/core/mmc_ops.c
407 +++ b/drivers/mmc/core/mmc_ops.c
408 @@ -22,8 +22,6 @@
409 #include "host.h"
410 #include "mmc_ops.h"
411
412 -#define MMC_OPS_TIMEOUT_MS (10 * 60 * 1000) /* 10 minute timeout */
413 -
414 static const u8 tuning_blk_pattern_4bit[] = {
415 0xff, 0x0f, 0xff, 0x00, 0xff, 0xcc, 0xc3, 0xcc,
416 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
417 @@ -530,8 +528,11 @@ int __mmc_switch(struct mmc_card *card, u8 set, u8 index, u8 value,
418 ignore_crc = false;
419
420 /* We have an unspecified cmd timeout, use the fallback value. */
421 - if (!timeout_ms)
422 - timeout_ms = MMC_OPS_TIMEOUT_MS;
423 + if (!timeout_ms) {
424 + pr_warn("%s: unspecified timeout for CMD6 - use generic\n",
425 + mmc_hostname(host));
426 + timeout_ms = card->ext_csd.generic_cmd6_time;
427 + }
428
429 /* Must check status to be sure of no errors. */
430 timeout = jiffies + msecs_to_jiffies(timeout_ms) + 1;
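Review bot: The fallback now replaces a zero `timeout_ms` with `card->ext_csd.generic_cmd6_time` without checking that this value is itself non-zero. If a card leaves the field unset (where it is filled in is not visible here), `timeout` becomes `jiffies + msecs_to_jiffies(0) + 1` and the status poll can give up almost immediately, where the removed `MMC_OPS_TIMEOUT_MS` fallback waited up to ten minutes. The same field is passed directly as the timeout in the three `mmc_switch()` calls changed in drivers/mmc/card/block.c, so they would take the same path. A non-zero default applied after the assignment would keep the fallback meaningful. __mmc_switch() continues outside the hunk.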
431 diff --git a/drivers/net/ethernet/dec/tulip/tulip_core.c b/drivers/net/ethernet/dec/tulip/tulip_core.c
432 index bbde90bc74fe2..6224f9d222981 100644
433 --- a/drivers/net/ethernet/dec/tulip/tulip_core.c
434 +++ b/drivers/net/ethernet/dec/tulip/tulip_core.c
435 @@ -1412,8 +1412,10 @@ static int tulip_init_one(struct pci_dev *pdev, const struct pci_device_id *ent)
436
437 /* alloc_etherdev ensures aligned and zeroed private structures */
438 dev = alloc_etherdev (sizeof (*tp));
439 - if (!dev)
440 + if (!dev) {
441 + pci_disable_device(pdev);
442 return -ENOMEM;
443 + }
444
445 SET_NETDEV_DEV(dev, &pdev->dev);
446 if (pci_resource_len (pdev, 0) < tulip_tbl[chip_idx].io_size) {
447 @@ -1792,6 +1794,7 @@ err_out_free_res:
448
449 err_out_free_netdev:
450 free_netdev (dev);
451 + pci_disable_device(pdev);
452 return -ENODEV;
453 }
454
455 diff --git a/drivers/net/ethernet/intel/igb/igb_main.c b/drivers/net/ethernet/intel/igb/igb_main.c
456 index 6bede67744864..d825e527ec1ac 100644
457 --- a/drivers/net/ethernet/intel/igb/igb_main.c
458 +++ b/drivers/net/ethernet/intel/igb/igb_main.c
459 @@ -4546,7 +4546,8 @@ static void igb_watchdog_task(struct work_struct *work)
460 break;
461 }
462
463 - if (adapter->link_speed != SPEED_1000)
464 + if (adapter->link_speed != SPEED_1000 ||
465 + !hw->phy.ops.read_reg)
466 goto no_wait;
467
468 /* wait for Remote receiver status OK */
469 diff --git a/drivers/net/ethernet/qlogic/qla3xxx.c b/drivers/net/ethernet/qlogic/qla3xxx.c
470 index 147effc16316f..e62e3a9d52490 100644
471 --- a/drivers/net/ethernet/qlogic/qla3xxx.c
472 +++ b/drivers/net/ethernet/qlogic/qla3xxx.c
473 @@ -3625,7 +3625,8 @@ static void ql_reset_work(struct work_struct *work)
474 qdev->mem_map_registers;
475 unsigned long hw_flags;
476
477 - if (test_bit((QL_RESET_PER_SCSI | QL_RESET_START), &qdev->flags)) {
478 + if (test_bit(QL_RESET_PER_SCSI, &qdev->flags) ||
479 + test_bit(QL_RESET_START, &qdev->flags)) {
480 clear_bit(QL_LINK_MASTER, &qdev->flags);
481
482 /*
483 diff --git a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
484 index 49eaede34eea6..9beb93479e282 100644
485 --- a/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
486 +++ b/drivers/net/ethernet/stmicro/stmmac/stmmac_pci.c
487 @@ -183,7 +183,7 @@ static int stmmac_pci_probe(struct pci_dev *pdev,
488 return -ENOMEM;
489
490 /* Enable pci device */
491 - ret = pci_enable_device(pdev);
492 + ret = pcim_enable_device(pdev);
493 if (ret) {
494 dev_err(&pdev->dev, "%s: ERROR: failed to enable device\n",
495 __func__);
496 @@ -241,8 +241,6 @@ static void stmmac_pci_remove(struct pci_dev *pdev)
497 pcim_iounmap_regions(pdev, BIT(i));
498 break;
499 }
500 -
501 - pci_disable_device(pdev);
502 }
503
504 static int stmmac_pci_suspend(struct device *dev)
505 diff --git a/drivers/net/vmxnet3/vmxnet3_drv.c b/drivers/net/vmxnet3/vmxnet3_drv.c
506 index 56a8031b56b37..cce959f281b72 100644
507 --- a/drivers/net/vmxnet3/vmxnet3_drv.c
508 +++ b/drivers/net/vmxnet3/vmxnet3_drv.c
509 @@ -595,6 +595,7 @@ vmxnet3_rq_alloc_rx_buf(struct vmxnet3_rx_queue *rq, u32 ring_idx,
510 if (dma_mapping_error(&adapter->pdev->dev,
511 rbi->dma_addr)) {
512 dev_kfree_skb_any(rbi->skb);
513 + rbi->skb = NULL;
514 rq->stats.rx_buf_alloc_failure++;
515 break;
516 }
517 @@ -619,6 +620,7 @@ vmxnet3_rq_alloc_rx_buf(struct vmxnet3_rx_queue *rq, u32 ring_idx,
518 if (dma_mapping_error(&adapter->pdev->dev,
519 rbi->dma_addr)) {
520 put_page(rbi->page);
521 + rbi->page = NULL;
522 rq->stats.rx_buf_alloc_failure++;
523 break;
524 }
525 @@ -1571,6 +1573,10 @@ vmxnet3_rq_cleanup(struct vmxnet3_rx_queue *rq,
526 u32 i, ring_idx;
527 struct Vmxnet3_RxDesc *rxd;
528
529 + /* ring has already been cleaned up */
530 + if (!rq->rx_ring[0].base)
531 + return;
532 +
533 for (ring_idx = 0; ring_idx < 2; ring_idx++) {
534 for (i = 0; i < rq->rx_ring[ring_idx].size; i++) {
535 #ifdef __BIG_ENDIAN_BITFIELD
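Review bot: The new early return tests only `rq->rx_ring[0].base`, while the loop below walks both rings (`ring_idx < 2`). If ring 1 can be released or left unallocated while ring 0 is still set, the loop still reaches it; whether that state can occur is not visible here. A per-ring test inside the outer loop, `if (!rq->rx_ring[ring_idx].base) continue;`, would cover both rings and makes the existing comment accurate for each. vmxnet3_rq_cleanup() continues outside the hunk.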
536 diff --git a/drivers/scsi/qla2xxx/qla_target.c b/drivers/scsi/qla2xxx/qla_target.c
537 index 6ef7a094ee515..b4a21adb3e738 100644
538 --- a/drivers/scsi/qla2xxx/qla_target.c
539 +++ b/drivers/scsi/qla2xxx/qla_target.c
540 @@ -3286,6 +3286,9 @@ int qlt_abort_cmd(struct qla_tgt_cmd *cmd)
541
542 spin_lock_irqsave(&cmd->cmd_lock, flags);
543 if (cmd->aborted) {
544 + if (cmd->sg_mapped)
545 + qlt_unmap_sg(vha, cmd);
546 +
547 spin_unlock_irqrestore(&cmd->cmd_lock, flags);
548 /*
549 * It's normal to see 2 calls in this path:
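Review bot: The added `qlt_unmap_sg(vha, cmd)` runs on every entry into the `cmd->aborted` branch, and the comment right below says two calls on this path are normal. That is only safe if qlt_unmap_sg() clears `cmd->sg_mapped` itself; its body is not in the hunk, and if it does not, the second call would unmap the same scatterlist twice. The call is also made with `cmd->cmd_lock` held and interrupts disabled, which is worth confirming as allowed for the unmap. A comment such as `/* qlt_unmap_sg() clears sg_mapped, so a repeated abort does not unmap again */` would record the assumption.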
550 diff --git a/kernel/events/core.c b/kernel/events/core.c
551 index 396abd52962b8..2466e2ae54dc1 100644
552 --- a/kernel/events/core.c
553 +++ b/kernel/events/core.c
554 @@ -9903,6 +9903,9 @@ SYSCALL_DEFINE5(perf_event_open,
555 * Do not allow to attach to a group in a different task
556 * or CPU context. If we're moving SW events, we'll fix
557 * this up later, so allow that.
558 + *
559 + * Racy, not holding group_leader->ctx->mutex, see comment with
560 + * perf_event_ctx_lock().
561 */
562 if (!move_group && group_leader->ctx != ctx)
563 goto err_context;
564 @@ -9952,11 +9955,22 @@ SYSCALL_DEFINE5(perf_event_open,
565 } else {
566 perf_event_ctx_unlock(group_leader, gctx);
567 move_group = 0;
568 + goto not_move_group;
569 }
570 }
571 } else {
572 mutex_lock(&ctx->mutex);
573 +
574 + /*
575 + * Now that we hold ctx->lock, (re)validate group_leader->ctx == ctx,
576 + * see the group_leader && !move_group test earlier.
577 + */
578 + if (group_leader && group_leader->ctx != ctx) {
579 + err = -EINVAL;
580 + goto err_locked;
581 + }
582 }
583 +not_move_group:
584
585 if (ctx->task == TASK_TOMBSTONE) {
586 err = -ESRCH;
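Review bot: The new comment says "Now that we hold ctx->lock", but the statement just above it takes the mutex, `mutex_lock(&ctx->mutex)`. If the context structure also has a separate `lock` member, the comment points readers at the wrong lock for the revalidation that follows. Suggested wording: `Now that we hold ctx->mutex, (re)validate group_leader->ctx == ctx,`. The "Racy, not holding group_leader->ctx->mutex" note added in the first hunk already uses the right name, so this also makes the two comments agree.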
587 diff --git a/net/key/af_key.c b/net/key/af_key.c
588 index c9cc9f75b0999..776f94ecbfe6d 100644
589 --- a/net/key/af_key.c
590 +++ b/net/key/af_key.c
591 @@ -2861,8 +2861,10 @@ static int pfkey_process(struct sock *sk, struct sk_buff *skb, const struct sadb
592 void *ext_hdrs[SADB_EXT_MAX];
593 int err;
594
595 - pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
596 - BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
597 + err = pfkey_broadcast(skb_clone(skb, GFP_KERNEL), GFP_KERNEL,
598 + BROADCAST_PROMISC_ONLY, NULL, sock_net(sk));
599 + if (err)
600 + return err;
601
602 memset(ext_hdrs, 0, sizeof(ext_hdrs));
603 err = parse_exthdrs(skb, hdr, ext_hdrs);
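Review bot: Returning on any non-zero result of `pfkey_broadcast()` makes delivery to promiscuous listeners a precondition for processing the message at all. If `pfkey_broadcast()` reports an error when no listener received the copy (its body is not in this hunk), then with `BROADCAST_PROMISC_ONLY` and no promiscuous socket open every request would be rejected before `parse_exthdrs()` runs. If the goal is only to catch a failed `skb_clone()`, test the clone for NULL before the call and leave the broadcast result out of the decision. Please confirm which return values `pfkey_broadcast()` can produce here before keeping this check.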
604 diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
605 index 41af02a70742e..02845bed07d74 100644
606 --- a/net/mac80211/rx.c
607 +++ b/net/mac80211/rx.c
608 @@ -1179,8 +1179,7 @@ static void ieee80211_rx_reorder_ampdu(struct ieee80211_rx_data *rx,
609 goto dont_reorder;
610
611 /* not part of a BA session */
612 - if (ack_policy != IEEE80211_QOS_CTL_ACK_POLICY_BLOCKACK &&
613 - ack_policy != IEEE80211_QOS_CTL_ACK_POLICY_NORMAL)
614 + if (ack_policy == IEEE80211_QOS_CTL_ACK_POLICY_NOACK)
615 goto dont_reorder;
616
617 /* new, potentially un-ordered, ampdu frame - process it */
618 diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
619 index d203837797102..b8a295dd15d85 100644
620 --- a/net/nfc/nci/data.c
621 +++ b/net/nfc/nci/data.c
622 @@ -130,7 +130,7 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev,
623
624 skb_frag = nci_skb_alloc(ndev,
625 (NCI_DATA_HDR_SIZE + frag_len),
626 - GFP_KERNEL);
627 + GFP_ATOMIC);
628 if (skb_frag == NULL) {
629 rc = -ENOMEM;
630 goto free_exit;
631 diff --git a/net/nfc/nci/hci.c b/net/nfc/nci/hci.c
632 index 5fae3f064ad0a..9c37618f36c62 100644
633 --- a/net/nfc/nci/hci.c
634 +++ b/net/nfc/nci/hci.c
635 @@ -165,7 +165,7 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe,
636
637 i = 0;
638 skb = nci_skb_alloc(ndev, conn_info->max_pkt_payload_len +
639 - NCI_DATA_HDR_SIZE, GFP_KERNEL);
640 + NCI_DATA_HDR_SIZE, GFP_ATOMIC);
641 if (!skb)
642 return -ENOMEM;
643
644 @@ -198,7 +198,7 @@ static int nci_hci_send_data(struct nci_dev *ndev, u8 pipe,
645 if (i < data_len) {
646 skb = nci_skb_alloc(ndev,
647 conn_info->max_pkt_payload_len +
648 - NCI_DATA_HDR_SIZE, GFP_KERNEL);
649 + NCI_DATA_HDR_SIZE, GFP_ATOMIC);
650 if (!skb)
651 return -ENOMEM;
652
653 diff --git a/sound/isa/wavefront/wavefront_synth.c b/sound/isa/wavefront/wavefront_synth.c
654 index 6c06d06457796..b205c12c60092 100644
655 --- a/sound/isa/wavefront/wavefront_synth.c
656 +++ b/sound/isa/wavefront/wavefront_synth.c
657 @@ -1091,7 +1091,8 @@ wavefront_send_sample (snd_wavefront_t *dev,
658
659 if (dataptr < data_end) {
660
661 - __get_user (sample_short, dataptr);
662 + if (get_user(sample_short, dataptr))
663 + return -EFAULT;
664 dataptr += skip;
665
666 if (data_is_unsigned) { /* GUS ? */
667 diff --git a/tools/perf/bench/numa.c b/tools/perf/bench/numa.c
668 index 7b364f2926d4f..901e9d6efcece 100644
669 --- a/tools/perf/bench/numa.c
670 +++ b/tools/perf/bench/numa.c
671 @@ -1626,7 +1626,7 @@ static int __bench_numa(const char *name)
672 "GB/sec,", "total-speed", "GB/sec total speed");
673
674 if (g->p.show_details >= 2) {
675 - char tname[14 + 2 * 10 + 1];
676 + char tname[14 + 2 * 11 + 1];
677 struct thread_data *td;
678 for (p = 0; p < g->p.nr_proc; p++) {
679 for (t = 0; t < g->p.nr_threads; t++) {
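Review bot: The new size `14 + 2 * 11 + 1` is still bare arithmetic with no explanation, so the next change to the format string can silently outgrow it again. A comment would make the terms checkable, for example `/* fixed text + two ints of up to 11 chars each (sign included) + NUL */`. The formatting call is outside the hunk; if it is a plain `sprintf`, switching it to `snprintf(tname, sizeof(tname), ...)` would bound the write regardless of the arithmetic.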